Ireland’s Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy’s damning report has revealed.
Issued today, the report from PWC (formerly known as PriceWaterhouseCooper) said that the hugely harmful Conti ransomware infection was caused because of the simplest attack vector known to infosec: spam.
PWC said, in the report’s executive summary:
“The Malware infection was the result of the user of the Patient Zero Workstation clicking and opening a malicious Microsoft Excel file that was attached to a phishing email sent to the user on 16 March 2021.”
Even worse, PWC said HSE personnel had spotted the WizardSpider crew behind the infection operating on HSE networks – yet “these did not result in a cybersecurity incident and investigation initiated by the HSE”.
“As a result, opportunities to prevent the successful detonation of the ransomware were missed”.